Difference between revisions of "S5L8920"
(Chronic and Geohot have been talking about an exploit on twitter they found back in July. It's important to note here that it exists. :)) |
ChronicDev (talk | contribs) (→iBoot / Kernel) |
||
Line 6: | Line 6: | ||
=== [[iBoot]] / [[Kernel]] === |
=== [[iBoot]] / [[Kernel]] === |
||
* [[iBoot Environment Variable Overflow]] - Firmware 3.1b1 and below (Note: [[iBoot]] on the S5L8920 can be downgraded allowing the exploit to be used on future firmwares, but ''only if'' a backup of the device-specific Apple-signed 3.0 iBSS with unique [[ECID]] was made.) |
* [[iBoot Environment Variable Overflow]] - Firmware 3.1b1 and below (Note: [[iBoot]] on the S5L8920 can be downgraded allowing the exploit to be used on future firmwares, but ''only if'' a backup of the device-specific Apple-signed 3.0 iBSS with unique [[ECID]] was made.) |
||
− | * |
+ | * [[usb_control_msg(0x21, 2) Exploit]] - 3.1 and below. |
=== [[S5L8920 (Bootrom)|Bootrom]] === |
=== [[S5L8920 (Bootrom)|Bootrom]] === |
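Review bot: The added bullet states its affected range as "3.1 and below" without the "Firmware" prefix that the bullet directly above it uses ("Firmware 3.1b1 and below"); suggest "Firmware 3.1 and below" so the two entries read the same way. Since the neighbouring entry distinguishes 3.1b1, it would also help to say whether 3.1 here means the final release. The heading covers both iBoot and Kernel, and the new entry does not say which of the two it applies to; a short parenthetical would make that clear.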
Revision as of 11:15, 6 October 2009
This is the processor used in the iPhone 3GS.
The S5L8920 uses the THUMB-2 instruction set as well as the ARM and THUMB ones, so the compiled binaries are not compatible with older CPUs.
Exploits
iBoot / Kernel
- iBoot Environment Variable Overflow - Firmware 3.1b1 and below (Note: iBoot on the S5L8920 can be downgraded, allowing the exploit to be used on future firmwares, but only if a backup of the device-specific Apple-signed 3.0 iBSS with unique ECID was made.)
- usb_control_msg(0x21, 2) Exploit - 3.1 and below.
Bootrom
Boot Chain
Bootrom->LLB->iBoot->Kernel->System Software